What is claimed is: 



CLAIMS 



1 . A method allowing for dynamic detection of network devices located along a 

5 communications path that include compatible transformation tunnel capabilities, at 
least one of the network devices operative to recognize probe requests and transmit a 
probe response including transformation tunnel capabilities in response to the probe 
request, the method comprising the steps of: 

detecting a first data flow to a destination host; 

10 probing the path to the destination host to identify network devices having 
compatible transformation tunnel capabilities; and, 

if a network device is identified in the probing step, transforming subsequent 
data flows, and/or subsequent packets in the first data flow, to the destination host 
from a first state to a second state and tunneling the data flows to the identified 

15 network device. 

2. The method of claim 1 wherein the probing step comprises the steps of 

transmitting a probe request to the destination host; and 
receiving a probe response from a network device in the path to the 
20 destination host. 

3. The method of claim 1 further comprising the step of 

transforming, at the identified network device, the data flows from the second 
state to a third state; and 
25 transmitting the data flows to the destination host. 

4. The method of claim 3 wherein the third state is substantially the same as the first 
state. 

30 5. The method of claim 1 wherein the probing step is conditioned on detection of a 
threshold level of activity associated with the destination host. 
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6. The method of claim 5 wherein the threshold level of activity comprises a 
minimum number of data flows to the destination host over an analysis interval. 

5 7. The method of claim 5 wherein the threshold level of activity comprises a 
minimum number of bytes transmitted to the destination host over an analysis 
interval. 

8. The method of claim 5 wherein the threshold level of activity comprises a 

10 minimum average data flow rate associated with the destination host over an analysis 
interval. 

9. The method of claim 1 further comprising the step of 

selecting the network device furthest along the path to the destination host, if 
15 a plurality of network devices are identified in the probing step. 

10. The method of claim 2 further comprising the step of 

selecting the network device furthest along the path to the destination host, if 
a plurality of network devices are identified in the probing step. 

20 

11. The method of claim 10 wherein the responding network devices transmit probe 
responses in response to probe requests, wherein the probe responses are TCP/IP 
packets including a predefined Time-To-Live value; and the selecting step is 
determined on the basis of the Time-To-Live values of the probe responses 

25 transmitted by the plurality of network devices. 

12. The method of claim 1 wherein the transforming step comprises compressing data 
associated with the data flows in a format the identified network device can 
decompress. 

30 
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13. The method of claim 1 wherein the transforming step comprises caching data 
associated with the data flows. 

14. The method of claim 1 wherein the transforming step comprises encrypting data 
5 associated with the data flows in a format the identified network device can decrypt. 

15. A method allowing for optimization of communications paths associated with a 
computer network by dynamic detection of network devices located along a 
communications path that include compatible transformation tunnel capabilities, at 

10 least one of the network devices operative to recognize probe requests and transmit a 
probe response including transformation tunnel capabilities in response to the probe 
request, the method comprising the steps of: 

detecting a data flow to a destination host; 
if the path to the destination host has not been probed, then: 
15 probing the path to the destination host to identify network devices 

having compatible transformation tunnel capabilities; and, 

associating a network device identified in the probing step with the 
destination host; 
and, 

20 if a network device is associated with a destination host, transforming data 
flows to the destination host from a first state to a second state and tunneling the 
data flows to the associated network device. 

16. The method of claim 15 wherein the probing step comprises the steps of 
25 transmitting a probe request to the destination host; and 

receiving a probe response from a network device in the path to the 
destination host. 

17. The method of claim 15 further comprising the step of 

30 transforming, at the identified network device, the data flows from the second 
state to a third state; and 
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transmitting the data flows to the destination host. 

18. The method of claim 17 wherein the third state is substantially the same as the 
first state. 

5 

19. The method of claim 15 wherein the probing step is conditioned on detection of a 
threshold level of activity associated with the destination host. 

20. The method of claim 15 further comprising the step of 

10 selecting the network device furthest along the path to the destination host, if 
a plurality of network devices are identified in the probing step. 

21 . The method of claim 20 wherein the responding network devices transmit probe 
responses in response to probe requests, wherein the probe responses are TCP/IP 

15 packets including a predefined Time-To-Live value; and the selecting step is 
determined on the basis of the Time-To-Live values of the probe responses 
transmitted by the plurality of network devices. 

22. An apparatus allowing for automatic detection of network devices located in a 
20 communications path that include compatible transformation tunnel capabilities, 

comprising: 

a packet processor operably connected to a computer network to monitor data 
flows traversing communication paths associated with the computer network to 
respective destination hosts; 
25 a transformation tunnel mechanism including transformation tunnel capabilities 
operative to transform data flows from a first state to a second state; 

wherein the transformation tunnel mechanism is further operative to 
establish a tunnel with a network device having compatible transformation tunnel 
capabilities located in a communications path associated with the computer network; 
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a probe module operative to probe for network devices along communications 
paths to destination hosts that include compatible transformation tunnel capabilities 
in response to data flows detected by the packet processor; 

wherein the probe module is operative to associate destination hosts 
5 with respective network devices along communication paths thereto having 
compatible transformation tunnel capabilities; 

wherein the packet processor is further operative to channel data flows 
to the transformation tunnel mechanism, wherein the channeled data flows are bound 
for destination hosts associated with network devices identified by the probe module. 

10 

23. The apparatus of claim 22 wherein the probe module is operative to transmit 
probe requests along communication paths to destination hosts in response to new 
data flows, and 

wherein the probe request causes compatible network devices along the 
15 path to communicate transformation tunnel capabilities to the apparatus. 

24. The apparatus of claim 22 wherein the packet processor is operative to identify 
new destination hosts associated with data flows and store the computer network 
address of the destination host in a database. 

20 

25. The apparatus of claim 24 wherein the probe module stores network devices 
having compatible transformation tunnel capabilities in the database in association 
with corresponding destination hosts. 

25 26. The apparatus of claim 22 further comprising a traffic class engine operative to 
classify data flows traversing the packet processor into one of a plurality of traffic 
types; 

wherein traffic types associated with data flows are operative to condition the 
operation of the probe module with respect to the destination hosts associated with 
30 such data flows. 
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27. The apparatus of claim 22 further comprising a traffic class engine operative to 
classify data flows traversing the packet processor into one of a plurality of traffic 
types; 

wherein the traffic types associated with the data flows are operative to 
5 condition the channeling of such data flows to the transformation tunnel mechanism. 

28. The apparatus of claim 27 wherein traffic types associated with data flows are 
further operative to condition the operation of the probe module with respect to the 
destination hosts associated with such data flows. 

10 

29. A system allowing for dynamic detection of network devices that include 
compatible transformation tunnel capabilities, the network devices located along a 
communications path between a first host node and a second host node, comprising 

a tunnel probing device operably connected to a computer network; wherein 
15 the tunnel probing device comprises: 

a packet processor operative to monitor data flows traversing communication 
paths associated with the computer network to respective destination hosts; 

a transformation tunnel mechanism including transformation tunnel capabilities 
operative to transform data flows from a first state to a second state; 
20 wherein the transformation tunnel mechanism is further operative to 

establish a tunnel with a network device having compatible transformation tunnel 
capabilities located in a communications path associated with the computer network; 

a probe module operative to probe for network devices along communications 
paths to destination hosts that include compatible transformation tunnel capabilities 
25 in response to data flows detected by the packet processor; 

wherein the probe module is operative to associate destination hosts 
with respective network devices along communication paths thereto having 
compatible transformation tunnel capabilities; 

wherein the packet processor is further operative to channel data flows 
30 to the transformation tunnel mechanism, wherein the channeled data flows are bound 
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for destination hosts associated with network devices identified by the probe module; 

m 

and, 

T 

tf at least one network device operably connected to the computer network, 

wherein the network device comprises a transformation tunnel mechanism including 
5 at least one transformation tunnel capability; wherein the network device is operative 
to communicate transformation tunnel capabilities to the tunnel probing device in 
response to probe requests. 
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